High severityNVD Advisory· Published Jul 21, 2020· Updated Aug 5, 2024

CVE-2018-21036

Description

Sails.js before v1.0.0-46 allows attackers to cause a denial of service with a single request because there is no error handler in sails-hook-sockets to handle an empty pathname in a WebSocket request.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
sails-hook-socketsnpm	< 1.5.5	1.5.5

Affected products

Sails.js/Sails.jsdescription
ghsa-coords
pkg:npm/sails-hook-sockets
Range: < 1.5.5

Patches

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-f7f4-hqp2-7prcghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2018-21036ghsaADVISORY
www.openwall.com/lists/oss-security/2020/07/19/1ghsamailing-listx_refsource_MLISTWEB
github.com/balderdashy/sails-hook-sockets/commit/0533a4864b1920fd8fbb5287bc0889193c5faf44ghsax_refsource_MISCWEB
github.com/balderdashy/sails-hook-sockets/commit/ff02114eaec090ee51db48435cc32d451662606eghsax_refsource_MISCWEB
github.com/balderdashy/sails/blob/56f8276f6501a144a03d1f0f28df4ccdb4ad82e2/CHANGELOG.mdghsax_refsource_MISCWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.001
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000